🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > cydave

cydave

All Time Ranking

All Time Discoveries

Showing 21-40 of 89 Vulnerabilities

core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting

6.1

CVE-2022-1951

Jun 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2022-1916

Jun 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting

6.1

CVE-2022-1724

May 23, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion

6.5

CVE-2022-4024

Nov 28, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection

6.5

CVE-2022-0814

Apr 18, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Sitemap by click5 <= 1.0.35 - Unauthenticated Arbitrary Options Update

6.5

CVE-2022-0952

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection

6.5

CVE-2022-0783

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WP Video Gallery <= 1.7.1 - SQL Injection

6.5

CVE-2022-0826

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection

6.5

CVE-2022-0948

Apr 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-4307

Dec 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection

7.2

CVE-2022-4297

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-1938

Jun 16, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2022-0780

Apr 11, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting

7.2

CVE-2022-0818

Mar 2, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access

7.4

CVE-2022-0656

Apr 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download

7.5

CVE-2022-4298

Dec 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection

7.5

CVE ID Unknown

Apr 14, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Narnoo Distributor <= 2.5.1 - Path Traversal

7.5

CVE-2022-0679

Mar 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload

8.8

CVE-2022-4047

Nov 25, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

8.8

CVE-2022-3930

Nov 21, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting	CVE-2022-1951	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 2, 2022
Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting	CVE-2022-1916	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 1, 2022
Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting	CVE-2022-1724	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	May 23, 2022
Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion	CVE-2022-4024	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	November 28, 2022
Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection	CVE-2022-0814	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 18, 2022
Sitemap by click5 <= 1.0.35 - Unauthenticated Arbitrary Options Update	CVE-2022-0952	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	April 13, 2022
Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection	CVE-2022-0783	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
WP Video Gallery <= 1.7.1 - SQL Injection	CVE-2022-0826	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 13, 2022
Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection	CVE-2022-0948	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	April 12, 2022
Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-4307	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	December 27, 2022
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection	CVE-2022-4297	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 12, 2022
Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-1938	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 16, 2022
SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting	CVE-2022-0780	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 11, 2022
WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting	CVE-2022-0818	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	March 2, 2022
Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access	CVE-2022-0656	7.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N	April 13, 2022
Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download	CVE-2022-4298	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 12, 2022
Product Filter For WooCommerce Product <= 1.3.1 - Unauthenticated SQL Injection		7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 14, 2022
Narnoo Distributor <= 2.5.1 - Path Traversal	CVE-2022-0679	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	March 1, 2022
Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload	CVE-2022-4047	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 25, 2022
Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change	CVE-2022-3930	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 21, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation